Vulnerabilities > Exposure of System Data to an Unauthorized Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2025-04-24 CVE-2025-46421 A flaw was found in libsoup.
network
high complexity
CWE-497
6.8
2025-04-14 CVE-2022-43852 IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.
network
low complexity
CWE-497
5.3
2025-04-07 CVE-2024-45549 Information disclosure while creating MQ channels.
local
low complexity
CWE-497
7.7
2025-03-10 CVE-2024-52905 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
network
low complexity
CWE-497
2.7
2025-01-27 CVE-2024-37526 IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
network
low complexity
CWE-497
6.5
2025-01-24 CVE-2024-40706 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
4.3
2025-01-07 CVE-2024-45640 IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
network
low complexity
CWE-497
5.3
2025-01-07 CVE-2024-52367 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.
network
low complexity
ibm CWE-497
7.5
2024-12-11 CVE-2023-23472 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
6.5
2024-12-03 CVE-2024-25035 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
network
low complexity
ibm CWE-497
5.3